controlling data transfer between each user terminal coupled to a first
communication network and a second communication network via a gateway 
and a firewall, said method including the steps of: 

sending an access request to said gateway from each said user 
terminal requiring access to said second communication network; 
said gateway reading each said access request; 
modifying at least one access rule in said firewall to permit access for 
each said user terminal requesting access based on an authenticated IP 
address of each said user terminal; and 

monitoring simultaneously at said firewall transfer of data between 
each said user terminal and said second communication network. 

The method may further include the step of dynamically controlling 
bandwidth available to each said user terminal in real time. A restricted 
bandwidth may be allocated on the fly to a single user terminal, a plurality of 
user terminals and/or one or more specified user accounts. Bandwidth may 
be controlled for uploading and/or downloading data. 

The method may further include the step of enabling and/or disabling 
one or more ports of access to each user terminal. 

Optionally, a single machine may include the gateway and the firewall. 
Alternatively, the firewall may be in a different machine from the gateway. 

Authentication of the IP address is preferably carried out by the 
gateway. Authentication may be carried out using an encryption/decryption 
process. 

The method may further include the step of controlling access of a user 
terminal to the second communication network from a management terminal 
coupled to the first communication network.



The method may further include the step of monitoring a period of time 
a user terminal has access to the second communication network. 

The method may further include the step of monitoring a quantity of 
data a user terminal uploads and/or downloads.

The method may further include the step of monitoring a cost to a user 
of their user terminal having access to the second communication network. 
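
The method steps above, sketched as an added Python example that is not taken from the patent: a gateway reads an access request, authenticates the terminal, adds a permit rule keyed on its IP address, and the firewall path then meters and rate-limits each terminal. The class and method names are hypothetical, HMAC-SHA256 over a nonce and the IP stands in for the unspecified "encryption/decryption process", and one token bucket covers both upload and download.

```python
import hashlib
import hmac
import time

class Gateway:
    """Toy model: gateway authenticates a terminal, then opens the firewall for its IP."""

    def __init__(self, secrets, price_per_mb=0.0):
        self.secrets = secrets          # account -> shared secret (assumed HMAC scheme)
        self.price_per_mb = price_per_mb
        self.rules = {}                 # authenticated IP -> per-terminal session state

    def access_request(self, ip, account, nonce, tag, bytes_per_s, now=None):
        """Read an access request; on success add a permit rule keyed on the source IP."""
        key = self.secrets.get(account)
        expected = hmac.new(key or b"", nonce + ip.encode(), hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(expected, tag):
            return False                # default deny: no rule is created
        now = time.monotonic() if now is None else now
        self.rules[ip] = {"account": account, "start": now, "up": 0, "down": 0,
                          "rate": bytes_per_s, "tokens": bytes_per_s, "stamp": now}
        return True

    def forward(self, ip, nbytes, direction, now=None):
        """Firewall path ("up" or "down"): permit authenticated IPs only, meter and limit."""
        s = self.rules.get(ip)
        if s is None:
            return False                # no matching permit rule
        now = time.monotonic() if now is None else now
        # Token bucket refilled at the terminal's allocated rate (bytes per second).
        s["tokens"] = min(s["rate"], s["tokens"] + (now - s["stamp"]) * s["rate"])
        s["stamp"] = now
        if nbytes > s["tokens"]:
            return False                # over the bandwidth allocation: drop
        s["tokens"] -= nbytes
        s[direction] += nbytes
        return True

    def usage(self, ip, now=None):
        """Report time online, bytes transferred and cost for one terminal."""
        s = self.rules[ip]
        now = time.monotonic() if now is None else now
        total = s["up"] + s["down"]
        return {"seconds": now - s["start"], "up": s["up"], "down": s["down"],
                "cost": total / 1_000_000 * self.price_per_mb}

    def revoke(self, ip):
        """Management action: remove the permit rule, closing access for that IP."""
        return self.rules.pop(ip, None) is not None
```

Because the permit rule matches on the source IP alone, any host able to use that address on the first network inherits the access until `revoke` removes the rule.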

According to another aspect, the invention resides in a system for 
monitoring and controlling data transfer in communication networks, said 
system comprising:

one or more user terminals coupled to a first communication network; 
a second communication network coupled to said first communication 
network via a gateway and a firewall; 

wherein said firewall simultaneously monitors transfer of data between 
each said user terminal and said second communication network for each
user terminal having an authenticated IP address that has access to said 
second communication network. 

Optionally, a single machine may include the gateway and the firewall. 
Alternatively, the firewall may be in a different machine from the gateway. 

Authentication of the IP address is preferably carried out by the
gateway and may involve an encryption/decryption process to authenticate a
remote terminal. 

The system may further include dynamically controlling bandwidth 
available to each said user terminal in real time. A restricted bandwidth may 
be allocated on the fly to a single user terminal, a plurality of user terminals
and/or one or more specified user accounts. Bandwidth may be controlled for
uploading and/or downloading data. 

According to a further aspect, the invention resides in a gateway for 
monitoring and controlling data transfer in communication networks, said 
gateway comprising: 

a firewall for permitting access to a second communication network for 
each user terminal coupled to a first communication network having an 
authenticated IP address; 

wherein said gateway monitors simultaneously at said firewall transfer 
of data between each said user terminal and said second communication 
network. 

The gateway may further comprise means for dynamically controlling 
bandwidth allocated to each said user terminal in real time. 

The gateway may further comprise means for enabling and/or disabling 
one or more ports of access to each user terminal. 

Further aspects and features of the invention will become apparent 
from the following description. 



To assist in understanding the invention and to enable a person skilled 
in the art to put the invention into practical effect preferred embodiments of 
the invention will be described by way of example only with reference to the 
accompanying drawings, wherein: 

FIG. 1 shows a schematic representation of a computer system in 
accordance with the present invention in which the method and apparatus of 

CLAIMS

1. A method of monitoring and controlling data transfer between each user
terminal coupled to a first communication network and a second 
communication network via a gateway and a firewall, said method 
including the steps of: 

sending an access request to said gateway from each said user terminal 
requiring access to said second communication network; 
said gateway reading each said access request; 

modifying at least one access rule in said firewall to permit access for 
each said user terminal requesting access based on an authenticated IP 
address of each said user terminal requesting access; and 
monitoring simultaneously at said firewall the transfer of data between 
each said user terminal and said second communication network. 

2. The method of claim 1 further including the step of dynamically 
controlling bandwidth available to one or more of said user terminals in 
real time. 



3. The method of claim 2, wherein a restricted bandwidth is allocated to a 
single user terminal. 



4. The method of claim 2, wherein a restricted bandwidth is shared 
between a plurality of user terminals. 

5. The method of claim 2, wherein bandwidth is restricted for uploading
data and/or downloading data.

6. The method of claim 2, wherein a restricted bandwidth is allocated to 
one or more terminals for a prescribed time period.




7. The method of claim 2, wherein a restricted bandwidth is allocated to
one or more terminals on the basis of a priority status allocated to the 
one or more terminals or a user account. 

8. The method of claim 1, wherein the IP address of a user terminal is 
authenticated on the basis that the user terminal has previously been 
authenticated by the gateway using an encryption/decryption process. 



9. The method of claim 1 further including the step of enabling and/or
disabling one or more ports of access to a user terminal.



10. The method of claim 1 further including the step of controlling access of 
a user terminal to the second communication network from a 
management terminal coupled to the first communication network.



11. The method of claim 1 further including the step of monitoring a period 
of time a user terminal has access to the second communication 
network. 

12. The method of claim 1 further including the step of monitoring a quantity
of data a user terminal uploads and/or downloads. 

13. The method of claim 1 further including the step of monitoring a cost to 
a user of their user terminal having access to the second communication 
network. 

14. A system for monitoring and controlling data transfer in communication 
networks, said system comprising: 

one or more user terminals coupled to a first communication network; 
a second communication network coupled to said first communication 
network via a gateway and a firewall; 

wherein said firewall simultaneously monitors transfer of data between 
each said user terminal and said second communication network for 
each user terminal having an authenticated IP address that has access 
to said second communication network. 

15. The system of claim 14, wherein a single machine comprises both the 
gateway and the firewall. 

16. The system of claim 14, wherein the firewall is in a different machine 
from the gateway. 

17. The system of claim 14, wherein authentication of the IP address is 
carried out by the gateway. 

18. The system of claim 17, wherein authentication employs an
encryption/decryption process to authenticate a remote terminal.

19. The system of claim 14, wherein bandwidth available to the one or more 
user terminals is dynamically controlled in real time. 

20. The system of claim 14, wherein a restricted bandwidth is allocated to a 
single user terminal. 

21. The system of claim 14, wherein a restricted bandwidth is shared 
between a plurality of user terminals. 

22. The system of claim 14, wherein a restricted bandwidth is allocated to a 
user account. 

23. The system of claim 14, wherein bandwidth is restricted for uploading 
data and/or downloading data. 

24. A gateway for monitoring and controlling data transfer in communication 
networks, said gateway comprising: 

a firewall for permitting access to a second communication network for 
each user terminal coupled to a first communication network having an 
authenticated IP address; 

wherein said gateway monitors simultaneously at said firewall transfer of
data between each said user terminal and said second communication
network.



25. The gateway of claim 24 further comprising means for dynamically 
controlling bandwidth allocated in real time to each said user terminal. 

26. The gateway of claim 24 further comprising means for enabling and/or 
disabling one or more ports of access to each user terminal. 



